Tag: authz

This is an extremely short how-to on setting up FreeIPA or RH IDM with Jenkins. It demonstrates how to configure user and group authentication and authorization using the Jenkins Matrix Based Security plugin, which lets you define finer-grained access to your Jenkins instances based on LDAP group membership.

A screenshot is worth a thousand words:

The key takeaways are:

The search base should be limited to the cn=users,cn=accounts subtree. The search filter uid={0} matches the username of the user attempting to log in against the uid attribute of their IPA/IDM entry.

Group searches need to be limited to the compat tree; this returns every group with the members of each group listed as memberUid values. I believe this may be dependent on the way you create groups in IPA/IDM, i.e. you need to enable compat.

Group membership is decided by Jenkins checking whether memberUid={0}, i.e. the username, appears in a group entry.

You can visualize this by running an ldapsearch against the directory in question.
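The two searches described above, as an added shell example that is not part of the original post: the first two functions print the ldapsearch commands that mirror the Jenkins user and group lookups, and the third reads LDIF and reports which groups carry the exact memberUid, which is the membership decision Jenkins makes. The server URI, base DN and the sample LDIF are assumed values, not taken from the post.

```shell
#!/bin/sh
# Assumed values (not from the original post): adjust to your IPA/IDM realm.
LDAP_URI="ldaps://ipa.example.com"
BASE_DN="dc=example,dc=com"

# The user lookup Jenkins performs: base cn=users,cn=accounts, filter uid=<user>.
# Anonymous bind is shown; add -D <bindDN> -W if your directory requires it.
user_search_cmd() {
  printf 'ldapsearch -x -H %s -b "cn=users,cn=accounts,%s" "(uid=%s)" uid\n' \
    "$LDAP_URI" "$BASE_DN" "$1"
}

# The group lookup Jenkins performs in the compat tree: every posixGroup that
# lists the user as a memberUid value.
group_search_cmd() {
  printf 'ldapsearch -x -H %s -b "cn=groups,cn=compat,%s" "(&(objectClass=posixGroup)(memberUid=%s))" cn memberUid\n' \
    "$LDAP_URI" "$BASE_DN" "$1"
}

# Read LDIF (as ldapsearch prints it) on stdin and print the cn of each group
# entry carrying "memberUid: <user>"; exact match, as Jenkins decides membership.
groups_of_user() {
  awk -v user="$1" '
    /^dn: /        { cn = ""; hit = 0 }
    /^cn: /        { cn = substr($0, 5) }
    /^memberUid: / { if (substr($0, 12) == user) hit = 1 }
    /^$/           { if (hit && cn != "") print cn; cn = ""; hit = 0 }
    END            { if (hit && cn != "") print cn }
  '
}

# Constructed sample of a compat-tree search result (not captured from a real server).
SAMPLE_LDIF='dn: cn=jenkins-admins,cn=groups,cn=compat,dc=example,dc=com
objectClass: posixGroup
cn: jenkins-admins
memberUid: alice

dn: cn=developers,cn=groups,cn=compat,dc=example,dc=com
objectClass: posixGroup
cn: developers
memberUid: alice
memberUid: bob

dn: cn=auditors,cn=groups,cn=compat,dc=example,dc=com
objectClass: posixGroup
cn: auditors
memberUid: carol
'
# Against a live directory: sh -c "$(group_search_cmd alice)" | groups_of_user alice
printf '%s' "$SAMPLE_LDIF" | groups_of_user alice   # prints jenkins-admins, developers
```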